Flaw Disclosure

Any time an individual discovers a security flaw, there are certain steps that should be taken to ensure that the details of the flaw are disclosed in a responsible and acceptable manner. Reporting a flaw in open source software poses a number of unique challenges compared to its closed source counterparts.

This document should not be seen as a set of rules, but rather as a set of best practices designed to help inform and guide projects, researchers, and developers.

How a flaw should be dealt with can be broken into two distinct groups:

(FIXME The Content in whattodo should be merged into these pages)

Matthieu Herrb's presentation on the topic, based on his experience with XFree86 and X.Org (in French). Matthieu offered: “If someone would like to translate it, I can provide the LaTeX/beamer source file for it.”

Alex Gaynor's "Security process for Open Source Projects"